New WAF intelligence feeds

Last updated: 2022/07/18 at 12:37 AM
By Info Feed 7 Min Read
Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule.

Managed lists are created and maintained by Cloudflare and are built based on threat intelligence feeds collected by analyzing patterns and trends observed across the Internet. Enterprise customers can already use the Open SOCKS Proxy list (launched in March 2021) and today we are adding four new IP lists: “VPNs”, “Botnets, Command and Control Servers”, “Malware” and “Anonymizers”.

You can check what rules are available in your plan by navigating to Manage Account → Configuration → Lists.

Customers can reference these lists when creating a custom firewall rule or in Advanced Rate Limiting. For example, you can choose to block all traffic generated by IPs we categorize as VPNs, or rate limit traffic generated by all Anonymizers. You can simply incorporate managed IP lists in the powerful firewall rule builder. Of course, you can also use your own custom IP list.

Managed IP Lists can be used in WAF rules to manage incoming traffic from these IPs.

Where do these feeds come from?

These lists are based on Cloudflare-generated threat feeds, which are made available as IP lists so that they can be easily consumed in the WAF. Each IP is categorized by combining open source data with analysis of the behavior of each IP, leveraging the scale and reach of Cloudflare's network. After an IP has been included in one of these feeds, we verify its categorization, feed this information back into our security systems, and make it available to our customers in the form of a managed IP list. The content of each list is updated multiple times a day.

In addition to generating IP classifications based on Cloudflare’s internal data, Cloudflare curates and combines several data sources that we believe provide reliable coverage of active security threats with a low false positive rate. In today’s environment, an IP belonging to a cloud provider might today be distributing malware, but tomorrow might be a critical resource for your company.

Some IP address classifications are publicly available OSINT data, for example Tor exit nodes, and Cloudflare takes care of integrating this into our Anonymizer list so that you don’t have to manage integrating this list into every asset in your network. Other classifications are determined or vetted using a variety of DNS techniques, like lookup, PTR record lookup, and observing passive DNS from Cloudflare’s network.

Our malware and command-and-control focused lists are generated from curated partnerships. When we select partners, one thing we target is data sources that identify security threats that do not have DNS records associated with them.

Our Anonymizer list encompasses several types of services that perform anonymization, including VPNs, open proxies, and Tor nodes. It is a superset of the more narrowly focused VPN list (known commercial VPN nodes), and the Cloudflare Open Proxies list (proxies that relay traffic without requiring authentication).

In dashboard IP annotations

Using these lists to deploy a preventative security policy for these IPs is great, but what about knowing if an IP that is interacting with your website or application is part of a Botnet or VPN? We first released contextual information for Anonymizers as part of Security Week 2022, but we are now closing the circle by extending this feature to cover all new lists.

As part of Cloudflare’s threat intelligence feeds, we are exposing the IP category directly in the dashboard. Say you are investigating requests that were blocked by the WAF and that looked to be probing your application for known software vulnerabilities. If the source IP of these requests matches one of our feeds (for example, it is part of a VPN), contextual information will appear directly on the analytics page.

When the source IP of a WAF event matches one of the threat feeds, we provide contextual information directly onto the Cloudflare dashboard.

This information can help you see patterns and decide whether you need to use the managed lists to handle the traffic from these IPs in a particular way, for example by creating a rate limiting rule that reduces the number of requests these actors can perform over a period of time.
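The same triage can be run offline over exported WAF events to see how much traffic each category accounts for before a rule is enforced. This is an added example, not Cloudflare's code: the feed contents, the `annotate` and `summarize` helpers and the sample events are all constructed for illustration, using documentation IP ranges.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins for the managed lists (RFC 5737 / RFC 3849 documentation ranges).
FEEDS = {
    "VPNs": ["198.51.100.0/28"],
    "Open Proxies": ["203.0.113.7/32"],
    "Botnets, Command and Control Servers": ["192.0.2.66/32", "2001:db8:bad::/48"],
    "Malware": ["192.0.2.128/25"],
}
TOR_EXITS = ["203.0.113.200/32"]  # constructed
# The article describes Anonymizers as a superset of VPNs, open proxies and Tor nodes.
FEEDS["Anonymizers"] = FEEDS["VPNs"] + FEEDS["Open Proxies"] + TOR_EXITS
NETWORKS = {name: [ipaddress.ip_network(c) for c in cidrs] for name, cidrs in FEEDS.items()}


def annotate(source_ip):
    """Return the sorted feed categories an address falls into, or None if unparseable."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return None
    # Compare IPv4-mapped IPv6 sources (::ffff:a.b.c.d) as their IPv4 form,
    # otherwise a dual-stack listener would let them slip past IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return sorted(name for name, nets in NETWORKS.items() if any(addr in n for n in nets))


def summarize(events):
    """Count events per category so the share of traffic a rule would touch is visible."""
    counts = Counter()
    for event in events:
        categories = annotate(event["source_ip"])
        if categories is None:
            counts["unparsed"] += 1       # malformed log field; keep it visible
        elif not categories:
            counts["uncategorized"] += 1  # no feed match
        else:
            counts.update(categories)     # one IP may sit in several lists
    return counts


# Constructed WAF events (not real traffic).
SAMPLE_EVENTS = [{"source_ip": ip} for ip in (
    "198.51.100.5", "::ffff:198.51.100.9", "203.0.113.200", "192.0.2.66",
    "2001:db8:bad::1", "192.0.2.200", "10.0.0.1", "not-an-ip",
)]
```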

Who gets this?

The following table summarizes which plans have access to each of these features. All paid plans will have access to the contextual in-dash information, while Enterprise will be able to use different managed lists. Managed lists can be used only on Enterprise zones within an Enterprise account.

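|                              | FREE | PRO | BIZ | ENT | Advanced ENT * |
|------------------------------|------|-----|-----|-----|----------------|
| Annotations                  | x    | ✅  | ✅  | ✅  | ✅             |
| Open Proxies                 | x    | x   | x   | ✅  | ✅             |
| Anonymizers                  | x    | x   | x   | x   | ✅             |
| VPNs                         | x    | x   | x   | x   | ✅             |
| Botnets, command and control | x    | x   | x   | x   | ✅             |
| Malware                      | x    | x   | x   | x   | ✅             |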

* Contact your customer success manager to learn how to get access to these lists.

Future releases

We are working on enriching our threat feeds even further. In the coming months we are going to provide more IP lists; specifically, we are looking into lists for cloud providers and Carrier-grade Network Address Translation (CG-NAT).
